cryptodev Pro: Efficiency. Much lower overhead means MUCH MORE THROUGHPUT and more precious CPU cycles available for other uses. Zero copy is real. Con: Additional modules required. Has compatibility issues with openssh too (WTH openssh?)

Both are disabled by default.

AF_ALG

Install: You can enable AF_ALG by editing /etc/ssl/openssl.cnf. Make sure you have something like this in the configuration:

then it's working. You also have to select AES128-CBC, AES192-CBC or AES256-CBC in the specific program's cipher setting. I'm not going to cover those settings.

BTW I'm not a cryptography expert, but as far as I know CBC mode is still "acceptably safe" to date as long as you have all the security patches and TLS version ≥ 1.1. This is certainly not the most secure mode anymore and it may become unsafe in the future. You have been warned.

Known issue:
You may notice that openssh isn't providing either of those ciphers by default... And when you explicitly set it: Boom (I did warn you). Check Debian bug #931272 for details.

In short: we need to rebuild openssh without seccomp support (seccomp isn't enforced by default until Debian buster. But again, this procedure weakens the security a bit).

You can freeze the openssh version with "apt-mark hold" to avoid accidentally updating your openssh.
Just keep in mind this will prevent you from receiving openssh security updates. You have to rebuild on every release to stay secure.
Or... you could just leave the offload cipher disabled for openssh (the default).

cryptodev

It's the most unreliable and yet the fastest solution among these two. If anything here is likely to corrupt your data, this is it. Additional modules are required, for both the kernel and openssl.

Kernel: You have to use the latest source from their GitHub or it won't work on a 5.x kernel. And so far it doesn't compile against bodhi's header files for some reason.

I just cross-compiled it. The kernel module binary is in the attachment (cryptodev.zip).

OpenSSL: Until recently you still had to recompile the whole of openssl for cryptodev support (now called devcrypto). To make matters worse, after you've done that it becomes a built-in engine. YOU CANNOT DISABLE a built-in engine unless you unload the kernel module. Not to mention it could break your openssh almost entirely...

But luckily the openssl source tree has just made it a module instead of a built-in engine. Some bugs were also fixed (it no longer breaks openssh as long as you're not using the offloaded cipher). So I backported the module to buster's openssl 1.1.1, which is available in the attachment.

There are two versions of it. devcrypto-with-hash has offloaded digest (md5/sha) support, straight from the official source. devcrypto-wo-hash does not, as I stripped out the digest code.
You can compare them in the benchmark in #2. You can only install one of them.

Install: Extract and put "devcrypto.so" directly into "/usr/lib/arm-linux-gnueabi/engines-1.1".
Verify: run "openssl engine devcrypto". If you see:

(devcrypto) /dev/crypto engine

then it's working.

The enable procedure is the same as for af_alg. Just replace "afalg" with "devcrypto".

Known issue:
It will break openssh connections if you enable this engine with an offloaded cipher (i.e. aes128-cbc) set in sshd_config (which is not the default). Unlike af_alg, I didn't find any workaround.
See this report

Wanna use both? Or only wanna enable a certain engine for a certain application? No problem.

Openssl supports "OPENSSL_CONF" as an environment variable. You can make another openssl.cnf with a different engine, then pass the file path to the executable via OPENSSL_CONF. For example:

OPENSSL_CONF=/path/to/engine/afalg.cnf sshd
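As an added example (not part of the original post or of the openssl/cryptodev projects), here is the per-engine config trick above written out as a small POSIX shell script. It generates one minimal OpenSSL 1.1-style openssl.cnf per engine ("afalg" and "devcrypto", the engine ids used in this thread), so that only the process you start with OPENSSL_CONF pointing at one of them gets the offload engine while everything else keeps the system default with both engines disabled. The output directory under /tmp and the helper names are my own choices; the engine-section syntax is the standard OpenSSL 1.1 config format.

```shell
#!/bin/sh
# Added example, not from the original post. Builds one openssl.cnf per
# offload engine and lets you hand it to a single service via OPENSSL_CONF.
# Assumptions: OpenSSL 1.1.x config syntax; engine ids "afalg"/"devcrypto".
# CNF_DIR is a constructed location for this demo, not a system path.

CNF_DIR="${CNF_DIR:-${TMPDIR:-/tmp}/openssl-engines}"

# write_engine_cnf ENGINE_ID OUTFILE
# Emits a config that loads exactly one engine. default_algorithms = ALL hands
# the engine every algorithm it implements; narrowing it to e.g. "CIPHERS"
# is how you keep digests in software (cf. the devcrypto-wo-hash build).
write_engine_cnf() {
    engine_id="$1"
    outfile="$2"
    mkdir -p "$(dirname "$outfile")"
    cat > "$outfile" <<EOF
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
${engine_id} = ${engine_id}_section

[${engine_id}_section]
engine_id = ${engine_id}
default_algorithms = ALL
init = 1
EOF
}

# cnf_engine_id FILE
# Prints the engine_id a generated config selects; used to double-check that
# the file you are about to hand to a daemon loads the engine you meant.
cnf_engine_id() {
    sed -n 's/^engine_id[[:space:]]*=[[:space:]]*//p' "$1"
}

# engine_status ENGINE_ID
# Asks openssl whether the engine can actually be loaded on this machine
# ("[ available ]" / "[ unavailable ]"), mirroring the post's verify step.
# Prints "openssl-missing" when no openssl binary is installed.
engine_status() {
    if command -v openssl >/dev/null 2>&1; then
        openssl engine -t "$1" 2>&1
    else
        echo openssl-missing
    fi
}

write_engine_cnf afalg "$CNF_DIR/afalg.cnf"
write_engine_cnf devcrypto "$CNF_DIR/devcrypto.cnf"

# Per-application selection: only the process started with OPENSSL_CONF set
# sees the engine; the system-wide /etc/ssl/openssl.cnf stays untouched.
#   OPENSSL_CONF="$CNF_DIR/afalg.cnf" /usr/sbin/sshd
# Check which engine a config will pull in before pointing a daemon at it:
#   cnf_engine_id "$CNF_DIR/afalg.cnf"     # -> afalg
#   engine_status devcrypto                # -> [ available ] or [ unavailable ]
```

Because the generated file replaces the system config entirely for that one process, anything else in /etc/ssl/openssl.cnf (for example CA paths or system-wide defaults) is not inherited by the process you start this way; if you rely on those settings, copy them into the per-engine file as well.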

Q&A:
Q. Why is there so much useless blah blah? I just want specific commands.
A. It's not for beginners and it's EXPERIMENTAL.

Q. Why is it experimental? Isn't it all from official sources?
A. Cryptography is a serious thing. Even though some of this code has existed for quite a long time, it's still quite buggy, and lack of popularity means lack of maintenance. Anything could happen.

Q. My ssh is not working anymore.
A. Remove the configuration and modules.

The overhead has a significant impact. The small-byte HW result is nowhere close to software. And for hashes, even the large-byte result can't compete with software. On the most commonly used cipher sizes it shows about 2x throughput, which matches the real-world result. AF_ALG is clearly slower than cryptodev.

Also, because of the cost of context switches, CPU usage doesn't benefit from the offloaded hash either.
